Hi,

We're looking into start using Zabbix in our environment in which case we will use Debian 13 and the package registry.

However, our team is quite heavily understaffed and as such we have employed a strategy to patch servers using Ansible and today we patch nearly all our server automatically on schedule using in-house developed Ansible roles which includes automatic snapshots in the hypervisor before each patch, as well as automatic maintenance mode for the specific server in our currently monitoring platform, with the possibility to inject any type of Ansible tasks specific to the server before or after the upgrade process (i.e stopping/starting databases, performing health checks etc).

Reading the Zabbix manual at first it seemed upgrading between minor versions wouldn't be a problem, but then I landed on the upgrade notes from which I gathered it's not always safe to do a straight upgrade of minor versions.

So, regarding this I have a couple of questions:

1. Is it safe to always upgrade patch versions? We might get away if can implement some kind of check that stops the auto upgrade if it's a major or minor upgrade, but proceeds if its a patch upgrade.
2. When upgrading server, proxy and agents, from my understanding it's best to upgrade server, then proxy and then agents - is this correct? I'm thinking of implementing some kind of check on each component to make sure we don't prematurely upgrade their versions before the preceeding component have upgraded.